I'm trying to make my life a bit easier, supporting a web application that's running on a hosted Windows Server 2008, under IIS 7.

The site is the default web site on the server, and access is controlled with a default deny rule, and an allow list of remote IP addresses.

All of our physical locations have static IP addresses, which ensures that this setup works for all sites. However, I have a couple of users who also work from home and are authorised to access the application from their home locations.

Their IP addresses keep changing - every few days - effectively locking them out of the app until I can remote onto the server and create a new allow rule for their new IP address. This is OK if I have my laptop handy, but it's a pain if I'm out and about with only a mobile handset to work with.

I've been trying to figure out a process to help and here's what I came up with:

I get a new IP address by email to my mobile.

I put that address in a text file that I FTP to the server.

A routine process (probably a VB script running every half hour as a scheduled task) picks up the file, and creates a command line instruction using something like appcmd, VBScript or PowerShell to add the address to an allow rule on the site.

Hey presto - job done.

I've already set up the first few steps - getting the file onto the server and reading it, but I'm struggling to find the right syntax for appcmd, or anything else to complete the process.

Alternatively, look and see if you can set them up with VPN access. Not only does this give them secure access to every internal resource (file shares etc.), but as they would appear to be normal internal users there would be no need to mess around with allowing additional IP addresses.

Plus you can make the case that it is now more secure for remote users as the connection will be encrypted, all the more important thanks to all the attention that Firesheep is getting (demonstrate how you can hijack your boss's Facebook account in seconds and they should get on board pretty quickly!).

Thanks for the suggestion Nick, however the reasons behind implementing IP security are more location-based than user-based. I can't have the users (aside from a select few) accessing the system unless they are AT work...

Using VPN would not address this - would it? This is a hosted, Windows 2008 server Web Edition. Not sure that there's an easy way to enable VPN to this server.

That said - I can still see a number of scenarios where I might want to easily/semi-automatically manage the IP security on the site as in my original post, so I'm going to leave this open as unanswered for now.
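
One way to finish the scheduled-task step from the original question, as an added example that is not code from anyone in this thread: it validates each line of the uploaded file before it reaches the appcmd command line, then adds an allow entry to the site's `ipSecurity` section. The drop-file path, log path and the policy of refusing loopback and private ranges are assumptions; it also assumes the `ipSecurity` section is unlocked at the server level, as it must be for the existing allow list.

```powershell
# Added example. $inbox and $log are hypothetical paths; adjust to the FTP drop folder in use.
$appcmd  = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$site    = 'Default Web Site'
$section = '/section:system.webServer/security/ipSecurity'
$inbox   = 'C:\ftp\inbox\allow.txt'   # one IPv4 address per line
$log     = 'C:\ftp\ipallow.log'

function Test-PublicIPv4([string]$text) {
    # Accept a strict dotted quad only, so nothing else from the uploaded
    # file can end up inside the appcmd argument built below.
    if ($text -notmatch '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$') { return $false }
    $o = $text.Split('.') | ForEach-Object { [int]$_ }
    if ($o | Where-Object { $_ -gt 255 }) { return $false }
    # Assumed policy: a home broadband address is never 0/8, loopback or RFC 1918.
    if ($o[0] -eq 0 -or $o[0] -eq 10 -or $o[0] -eq 127) { return $false }
    if ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) { return $false }
    if ($o[0] -eq 192 -and $o[1] -eq 168) { return $false }
    return $true
}

if (Test-Path $inbox) {
    foreach ($line in Get-Content $inbox) {
        $ip = $line.Trim()
        if ($ip -eq '') { continue }

        if (-not (Test-PublicIPv4 $ip)) {
            # Keep a record of anything refused; an unexpected line in the
            # drop file is worth noticing.
            Add-Content $log "$(Get-Date -Format s) REJECTED '$ip'"
            continue
        }

        # Adds <add ipAddress="x.x.x.x" allowed="true" /> under the site's
        # location in applicationHost.config.
        $rule = "/+[ipAddress='$ip',allowed='True']"
        & $appcmd set config $site $section $rule '/commit:apphost'
        Add-Content $log "$(Get-Date -Format s) ALLOW $ip appcmd-exit=$LASTEXITCODE"
    }
    # Remove the file so the next scheduled run does not reprocess it.
    Remove-Item $inbox
}
```

A non-zero `appcmd-exit` value in the log usually means the address already has a rule, since appcmd refuses duplicate collection entries.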